Locky ransomware replaced with dummy file, rendered ineffective

A white hat hacker has hacked into the Locky ransomware making it effectively harmless. Avira wrote in a blogspot that one of the strains of malware they were looking turned out to be nothing. The strain was not even as harmful as the malware should be.

Sven Carlsen, who was the leader of the team at Avira of Virus Lab Disinfection Service said what they downloaded in expectancy of the malware was rather a 12kb binary with a plain message, “Stupid Locky.” The ransomware has been infecting many of the computers since February and locking out of users of their computers. The ransomware usually comes through infected Word documents and is said to have been used in much parts of the world including Europe, the US, and some parts of Asia.

The malware urges users to open web pages on the dark web using the infamous browser Tor, and there they can the ransom to have their files unlocked using virtual currency Bitcoin. Carlsen noted that a benevolent hacker might had taken control of the command server and control server of the malware and replaced the file with an ineffective one.

“It seems that someone was able to access one of the command and control servers and replaced the original Locky ransomware with a dummy file. And I do mean dummy in the fullest expression of the word,” said Carlsen. “Now, I don’t believe that cyber-criminals themselves would have initiated this operation because of the potential damage to their reputation and income stream.”

He also added that the malware is far from dead as the creators of the ransomware were still active. But he points out that the recent Dridex example and now Locky showed that even cyber criminals are at risk themselves.

SE Director at Bromium, Fraser Kyne said the situation was a bit funny. He said this small pdf piecework had put many businesses and individuals who would have been affected at ease. He does however suggest that people spend most of their time stopping and removing malware rather than trying to mock it and modify it.

Vice President at Radware for security solutions, Carl Herberger said that companies were not resting anymore and were rather deploying more and more defenses which helped them in their defense against hacking. Hack backs and counter hacks were also gaining momentum.

He points out that the long term effects of trying this method must be entirely evaluated as not all methods are desirable or lead to the results that you intend to have. In this case, it can be viewed as taunting which might provoke the original hackers even more.